stealc | 3612-0-0x0000000000CC0000-0x0000000001317000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3612-0-0x0000000000CC0000-0x0000000001317000-memory.dmp
Size

6.3MB
MD5

3a8a5870fb2517f566728999d6b201ac
SHA1

4e928ff9d366f8ab6674e5c0f0509d0d91663ea3
SHA256

62b9436411a3dccea1b9a3eb00f5bdc956b9b2b616a51570e6757a518ee9e299
SHA512

5ea8b7174c162638d6b22e32eea6bb491ad9f89611b29c680be413a4d55e2dac29e89f795fed35e1d4c308e8a772c33152d34e6166582a799323d4159e6d20c5
SSDEEP

3072:YoDQXQtRNliVukWiGQk4WjnGKuHVM8PjAB8vXC6Hu7FI:YoDQXYRPiokWJ97GKu1M8jAB28FI

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3612-0-0x0000000000CC0000-0x0000000001317000-memory.dmp

Files

3612-0-0x0000000000CC0000-0x0000000001317000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 79KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

anzztnwi
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rmbnkqqd
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE